Why educational institutions must act like businesses

This is a contributed piece by Charles Read, Regional Director of UK, Ireland and Benelux at OneLogin

From connected devices to Virtual Reality, technology is now giving students the ability to transform and design the way in which they choose to learn, not only from where, but also how. For example, students can now work from almost anywhere, using various applications and connected devices to enhance remote learning. Students are now increasingly known to use this technologically enhanced environment to create their own applications.

Mark Zuckerberg is a famous example of this, with his creation of Facebook whilst studying. It is uncommonly known however, that prior to this he created ‘CourseMatch’, which allowed students to select classes and form study groups. Zuckerberg then went on to create ‘FaceMash’, the precursor to Facebook, which accessed the university database to allow students to rate fellow class mates on attractiveness. Whilst apps, such as ‘CourseMatch’ can be extremely beneficial to the productivity of students, they also open the doors to many potential risks, for example transforming the education environment into a breeding ground for Shadow IT.

Students vs. shadow IT

Shadow IT, which is often used to describe the vast volume and variety of applications that have worked their way into an IT ecosystem, has been overwhelming IT teams in the business realm for a number of years now. However, this is now also becoming an issue, not only born straight out of students’ dorm rooms but just as commonly by university lecturers and researchers who are creating these new apps. This raises a huge cause for concern, as educational establishments, particularly universities, produce an overwhelming amount of data, which is now being handled by individuals with no foresight or experience of dealing with data.

Whilst the use of innovative and open sourced apps can prove to be beneficial to students’ productivity, the use of such apps raises a cause for concern in terms of ensuring compliance with legislations. In particular, the EU General Data Protection Regulations (GDPR) which has a deadline of May 25th 2018, will require institutions to ensure information, no matter what form, is managed in accordance with current legislation. Such guidelines are in place to protect institutions with a hoard of sensitive data and Intellectual Property; yet blissfully unaware students could potentially expose sensitive data to a mass of preventable risks.

On boarding and off boarding students

In business, employees can be the weakest link when it comes to data security – this is no different with students and faculty. Educational establishments, just by the nature of their business, retain the highest turn-over compared to any sector, with thousands of new students enrolling and graduating every year. This rapid on and off boarding of students can have the enrolment and IT departments in chaos.

Not only does enrolment need to make sure that each student, both new and existing, have schedules ready for the beginning of term, the IT department also needs to make sure each individual is able to access the appropriate systems to start effectively from day one. Both departments must be safe in the knowledge that when a whole year graduates, they cannot take valuable data with them. The reality is that a huge amount of administration is still being done manually and has highlighted the urgent need for procedures to be put in place to educate students on the handling of sensitive data during and post-graduation.

Eliminating risk

University, for most, is the final stepping stone before entering the corporate world and whilst shadow IT is encouraged within education to both aid productivity and creativity, educational institutions need to start thinking like businesses in order to prepare students for the working world. With systems such as Identity and Access Management in place, harmony can be achieved, to reflect the internal policies and practises of a corporate environment, students can be placed in good stead before embarking on their professional careers.

Embracing solutions such as IDaaS, multi-factor authentication and user provisioning, will allow institutions to keep the benefits but eliminate the risk. These solutions will allow students to freely use applications and minimise the drain on IT resources, encouraging the many beneficial aspects of shadow IT presented by students, while empowering IT teams to ensure these systems are secure and compliant.